Firefox error al identificarse con certificado
Hola, si entro a la siguiente página web que sirve para comprobar los datos de un certificado https://gestiona2.comunidad.madrid/ejpl_usigner_diag selecciono un certificado cliente de la FNMT y la página me muestra los datos del mismo.
Otra persona intenta acceder desde su pc a la misma url y obtiene un mensaje de error, SEC_ERROR_PKCS11_GENERAL_ERROR.
He activado el log de firefox en mi pc y en el de la otra persona y buscando gestiona2.comunidad.madrid veo una cosa diferente que intuyo que podría ser la causa del problema. Mi traza es la siguiente:
Socket Thread]: E/nsHttp nsHttpTransaction::ParseLine [CF-RAY: 6df0522c688bff30-MAD] [Socket Thread]: I/nsHttp http response [ [Socket Thread]: E/nsHttp HTTP/1.1 200 OK [Socket Thread]: E/nsHttp Date: Thu, 17 Feb 2022 16:16:35 GMT [Socket Thread]: E/nsHttp Content-Type: application/ocsp-response [Socket Thread]: E/nsHttp Content-Length: 1445 [Socket Thread]: E/nsHttp Connection: keep-alive [Socket Thread]: E/nsHttp Expires: Mon, 21 Feb 2022 15:14:51 GMT [Socket Thread]: E/nsHttp ETag: "2ae0fedc6465bd051f0ad90bb87c06806006decf" [Socket Thread]: E/nsHttp Last-Modified: Thu, 17 Feb 2022 15:14:51 GMT [Socket Thread]: E/nsHttp Cache-Control: public, no-transform, must-revalidate, s-maxage=3600 [Socket Thread]: E/nsHttp CF-Cache-Status: HIT [Socket Thread]: E/nsHttp Age: 2653 [Socket Thread]: E/nsHttp Accept-Ranges: bytes [Socket Thread]: E/nsHttp Vary: Accept-Encoding [Socket Thread]: E/nsHttp Server: cloudflare [Socket Thread]: E/nsHttp CF-RAY: 6df0522c688bff30-MAD [Socket Thread]: E/nsHttp OriginalHeaders [Socket Thread]: E/nsHttp Date: Thu, 17 Feb 2022 16:16:35 GMT [Socket Thread]: E/nsHttp Content-Type: application/ocsp-response [Socket Thread]: E/nsHttp Content-Length: 1445 [Socket Thread]: E/nsHttp Connection: keep-alive [Socket Thread]: E/nsHttp Expires: Mon, 21 Feb 2022 15:14:51 GMT [Socket Thread]: E/nsHttp ETag: "2ae0fedc6465bd051f0ad90bb87c06806006decf" [Socket Thread]: E/nsHttp Last-Modified: Thu, 17 Feb 2022 15:14:51 GMT [Socket Thread]: E/nsHttp Cache-Control: public, no-transform, must-revalidate, s-maxage=3600 [Socket Thread]: E/nsHttp CF-Cache-Status: HIT [Socket Thread]: E/nsHttp Age: 2653 [Socket Thread]: E/nsHttp Accept-Ranges: bytes [Socket Thread]: E/nsHttp Vary: Accept-Encoding [Socket Thread]: E/nsHttp Server: cloudflare [Socket Thread]: E/nsHttp CF-RAY: 6df0522c688bff30-MAD [Socket Thread]: I/nsHttp ] [Socket Thread]: E/nsHttp nsHttpTransaction::HandleContent [this=232a702dc00 count=1445 read=1445 mContentRead=1445 mContentLength=1445] [Socket Thread]: E/nsHttp nsHttpConnection::SetupSSL 232a4065000 caps=0x1200091 ..AP.....[tlsflags0x00000000]ocsp.globalsign.com:80^privateBrowsingId=1 [DNS Resolver #4]: E/nsHostResolver DNS lookup thread - lookup completed for host [ocsp.globalsign.com]: success. [Socket Thread]: E/nsHttp nsHttpTransaction::OnSocketStatus [this=232a1bc9e00 status=804b000d progress=0] [Socket Thread]: E/nsHttp nsHttpTransaction::OnSocketStatus [this=232a1bc9e00 status=804b0005 progress=502] [Socket Thread]: E/nsHttp nsHttpTransaction::OnTransportStatus 232a1bc9e00 SENDING_TO without request body
y la suya en este punto es la de a continuación:
[Socket Thread]: E/nsHttp nsHttpTransaction::ParseLine [CF-RAY: 6de00e7f4b9666a7-MAD] [Socket Thread]: I/nsHttp http response [ [Socket Thread]: E/nsHttp HTTP/1.1 200 OK [Socket Thread]: E/nsHttp Date: Tue, 15 Feb 2022 16:54:11 GMT [Socket Thread]: E/nsHttp Content-Type: application/ocsp-response [Socket Thread]: E/nsHttp Content-Length: 1445 [Socket Thread]: E/nsHttp Connection: keep-alive [Socket Thread]: E/nsHttp Expires: Sat, 19 Feb 2022 13:59:57 GMT [Socket Thread]: E/nsHttp ETag: "4216ac1c84b08406853726d41c352a716cb54d94" [Socket Thread]: E/nsHttp Last-Modified: Tue, 15 Feb 2022 13:59:57 GMT [Socket Thread]: E/nsHttp Cache-Control: public, no-transform, must-revalidate, s-maxage=3600 [Socket Thread]: E/nsHttp CF-Cache-Status: HIT [Socket Thread]: E/nsHttp Age: 3174 [Socket Thread]: E/nsHttp Accept-Ranges: bytes [Socket Thread]: E/nsHttp Vary: Accept-Encoding [Socket Thread]: E/nsHttp Server: cloudflare [Socket Thread]: E/nsHttp CF-RAY: 6de00e7f4b9666a7-MAD [Socket Thread]: E/nsHttp OriginalHeaders [Socket Thread]: E/nsHttp Date: Tue, 15 Feb 2022 16:54:11 GMT [Socket Thread]: E/nsHttp Content-Type: application/ocsp-response [Socket Thread]: E/nsHttp Content-Length: 1445 [Socket Thread]: E/nsHttp Connection: keep-alive [Socket Thread]: E/nsHttp Expires: Sat, 19 Feb 2022 13:59:57 GMT [Socket Thread]: E/nsHttp ETag: "4216ac1c84b08406853726d41c352a716cb54d94" [Socket Thread]: E/nsHttp Last-Modified: Tue, 15 Feb 2022 13:59:57 GMT [Socket Thread]: E/nsHttp Cache-Control: public, no-transform, must-revalidate, s-maxage=3600 [Socket Thread]: E/nsHttp CF-Cache-Status: HIT [Socket Thread]: E/nsHttp Age: 3174 [Socket Thread]: E/nsHttp Accept-Ranges: bytes [Socket Thread]: E/nsHttp Vary: Accept-Encoding [Socket Thread]: E/nsHttp Server: cloudflare [Socket Thread]: E/nsHttp CF-RAY: 6de00e7f4b9666a7-MAD [Socket Thread]: I/nsHttp ] [Socket Thread]: E/nsHttp nsHttpTransaction::HandleContent [this=26dcf843000 count=1445 read=1445 mContentRead=1445 mContentLength=1445] [Socket Thread]: E/nsHttp nsHttpConnection::SetupSSL 26dcfa2e800 caps=0x1200091 ..AP.....[tlsflags0x00000000]ocsp.globalsign.com:80^privateBrowsingId=1 [Socket Thread]: E/nsHttp nsHttpTransaction::OnSocketStatus [this=26dcf843c00 status=804b000d progress=0] [Main Thread]: E/nsHttp HttpBaseChannel::Init [this=26dcfaed400] [Main Thread]: E/nsHttp host=incoming.telemetry.mozilla.org port=-1
La línea que yo veo distinta y donde creo que puede estar el problema es que a mi me aparece lo siguiente
[DNS Resolver #4]: E/nsHostResolver DNS lookup thread - lookup completed for host [ocsp.globalsign.com]: success.
y a él no. Me da la impresión de que a mi se me valida y acepta el certificado del servidor pero a la otra persona no. ¿A qué puede ser debido? ¿Se puede tratar de algo de configuración? Muchas gracias. Un saludo
Tutte le risposte (1)
Hola, Ese error podría esta relacionado con el manejo de los certificados del Firefox antiguamente solo usaba certificados en su propio contenedor ahora puede usar los del sistema operativo, prueba cambiar el siguiente parámetro de la configuración avanzada del Firefox: escribir en el campo de URL: about:config, luego enter, aceptar el mensaje de advertencia, escribir security.osclientcerts.autoload y cambiar el valor de True a False.
Si se ha resuelto la consulta agradeceríamos marcar como solucionada para que sirva a otros usuarios. ¡Gracias!